+++ This bug was initially created as a clone of Bug #212056 +++
From the screen-users mailing list:
I've just released screen-4.0.3. This is not the promised next version
with vertical split and other cool things, but just a security release
that fixes two bugs in the utf8 combining characters handling. The
bugs could be used to crash/hang screen by writing a special string
to a window.
The fixed version is (as usual) available via:
ftp://ftp.uni-erlangen.de/pub/utilities/screen/screen-4.0.3.tar.gz
Credits go to cstone & Rich Felker for finding the bugs.
Kees Cook of Ubuntu analysed this issue and determined that it's likely an
exploitable issue, but it's non trivial to exploit. This will require a fair
amount of user interaction to exploit, thus the low severity.
This issue also affects FC5